[Advanced] How do hackers hide their traces in the fraud process (with real examples of card & crypto stealing)?

Nijat Mammadov
6 min read · Jun 30, 2023


Let me introduce the subject and then go to the main part (’cause I hate it too).

I love to research anything that gets my attention. So, a few weeks ago I wondered how hackers can hide their traces on card transactions. By the way, I’m not talking about VPNs, DNS changing, etc. I’m talking about the methods used by groups such as the Lazarus cybercrime group. So I read a lot of articles and found the main process they use.
Hackers, or as they are called in this situation, ‘card stealers’, have several ways to hide their transactions when they sell or use credit cards. One of them is ‘bitcoin mixers and tumblers’; another method is ‘selling’ (I’ll write about this in the next article). You may ask what these mean. Don’t worry, I’ll explain all of them with real examples and in simple words.

Bitcoin Mixers and Tumblers

A Bitcoin mixer is a service that lets you send your bitcoins through a series of anonymous transactions. This makes it much more difficult to trace the source of the funds or, in simple words, much harder to determine where the money came from. For this reason, Bitcoin mixers are a popular choice for those who choose to keep their identity hidden. ‘Tumblers’, on the other hand, are almost like mixers, but tumblers sometimes work with third parties. Thus, in my opinion, a mixer is more secure.

There are numerous Bitcoin mixers available, but not all of them are suitable for everyone. It can be challenging to choose a mixer because some are infamous for being dishonest and others have high prices.

Before going to the services that offer mixing, I’m gonna try to explain it in detail so that even your uncle can understand it! A mixer works almost like a neural network pattern. In the basic case, user A (the sender) sends crypto to user B (the receiver). This can be seen by the public because the process is public on the market, and the other thing is that we can see that 2 people send each other money. So there are 2 critical vulnerabilities for us. In this situation, a mixer helps us. User A sends Bitcoin to a pool (the mixer) that contains all the money, and then the mixer starts to cut that bitcoin into pieces. For example, 1 BTC breaks into 1000 pieces (it can be hundreds, thousands or even more), and after the process you can see that you get 1 BTC from 1000 accounts, like 1000 x 0.001 BTC = 1 BTC.

You may think: in the end, all of them come into 1 place, so how can it be a secure or private process? But only you see that everything comes into 1 place, not anyone else. Others can just see a person sending BTC to 1 place and the money going to 1000 people. So it’s almost impossible to track the destination address.

Note that you can add 2 or more destination addresses to get more privacy, but don’t forget that every address takes fees. Mostly they are 1–3%, but again it depends on the mixer.
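From the analyst's side, the split payout described above (many equal small deposits from distinct addresses landing on one destination within a short time) is itself a recognisable pattern. The sketch below is an added example, not code from the original article; the function name, the thresholds and every transaction record are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal


def flag_fan_in(transfers, min_sources=50, window_s=3600, max_spread=Decimal("0.05")):
    """Flag receivers paid by many distinct senders with near-identical amounts.

    transfers: iterable of (timestamp_s, sender, receiver, amount_btc as Decimal).
    A receiver is flagged when one sliding time window holds deposits from at
    least min_sources distinct senders and (max - min) / max <= max_spread.
    Thresholds are illustrative assumptions, not tuned values.
    """
    by_receiver = defaultdict(list)
    for ts, sender, receiver, amount in transfers:
        by_receiver[receiver].append((ts, sender, amount))

    flagged = {}
    for receiver, rows in by_receiver.items():
        rows.sort(key=lambda r: r[0])
        start = 0
        for end in range(len(rows)):
            # Shrink the window until it spans at most window_s seconds.
            while rows[end][0] - rows[start][0] > window_s:
                start += 1
            window = rows[start:end + 1]
            senders = {s for _, s, _ in window}
            amounts = [a for _, _, a in window]
            hi, lo = max(amounts), min(amounts)
            if len(senders) < min_sources or hi == 0 or (hi - lo) / hi > max_spread:
                continue
            best = flagged.get(receiver)
            if best is None or len(senders) > best["sources"]:
                flagged[receiver] = {"sources": len(senders), "total": sum(amounts),
                                     "first_ts": window[0][0], "last_ts": window[-1][0]}
    return flagged


def sample_transfers():
    """Constructed records: one split payout, one busy merchant, one ordinary wallet."""
    t0 = 1_700_000_000
    rows = [(t0 + i, f"pool-out-{i:04d}", "dest-A", Decimal("0.001")) for i in range(1000)]
    rows += [(t0 + 30 * i, f"customer-{i:03d}", "merchant-B", Decimal("0.01") * (1 + i % 7))
             for i in range(60)]
    rows += [(t0 + 500 * i, f"friend-{i}", "wallet-C", Decimal("0.2")) for i in range(3)]
    return rows


if __name__ == "__main__":
    for address, summary in flag_fan_in(sample_transfers()).items():
        print(address, summary)
```

The merchant address also has many distinct payers but is not flagged, because its amounts vary; it is the combination of uniform amounts and many sources that marks the split payout.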

Famous and Secure Mixers

There are several mixers on the market, each with advantages and disadvantages. I’ll list 2 of them.

1. Sinbad.io

The most reliable Bitcoin mixer available is called Sinbad. It has a no-logs policy, and after the mixing is finished, all information about your transactions is deleted. If you have any issues, you can use the Guarantee letter Sinbad Mixer gives you to contact customer service, show that you are the rightful owner of the Bitcoin, and have the problem fixed. It needs a minimum of 0.001 BTC.
First, it wants our receiver’s Bitcoin address; I typed a fake one to show the further steps. Then I chose the service fee; the fee depends on time. For example, if you want your money on time, you should pay a higher fee.

After ‘next’, it shows us details for completing the process and also gives us a guarantee document in case there is a problem. This is the best feature of Sinbad!

After downloading the guarantee document, I scanned it on VirusTotal, and it said that the document is a Trojan. But in fact, it’s not. I think it’s to keep people away from it.

Advantages: No-logs policy, good customer support, fast payouts, customizable mixing settings for better anonymity, and also available on Tor
Disadvantages: New in the market

2. Mixero

One of the top Bitcoin tumbler services for both beginners and experts in mixing coins is Mixero. The platform provides high-quality service and a high degree of anonymity with very low and variable service fees, allowing up to 5 withdrawal wallet addresses. Mixero does not require the creation of accounts and has a zero-logs policy. It needs a minimum of 0.002 BTC.

As you see, there are 2 options: CoinJoin and Advanced. For security purposes, I can’t say which one is better. Anyway, this is almost the same as other mixers. The difference here is that VirusTotal claimed it was clean.

Advantages: Zero-log policy, has a positive reputation among the Bitcoin community, offers flexible transaction fees and a low minimum transaction limit, etc.
Disadvantages: No user-controlled time delays (for example, I want my BTC after 1 day, but it can be delayed and make my day bad!)

If you want to know more, you can search for it easily on crypto sites.

Is it legal or illegal?

In the USA, human rights say that staying anonymous to hide your payments from others is legal. Why?
Let’s suppose you spend $1000 from your bank account. Did you ever see your bank show your transactions to the public? Absolutely not. So, for this reason, hiding your transactions in crypto is legal. But the mixers you choose should carry some responsibilities. Just be careful what you’re doing. Don’t do harmful things.

Conclusion

In a nutshell, all the things that I wrote in this article are for educational and scientific purposes. They are especially for cyber security employees who are interested in this. I’m not taking any responsibility for people who read this and do something illegal!
